Category Archives: CyberCrime


Malware Takes Bold Steps to Avoid Analysis

Category : CyberCrime

Malware known as Rombertik goes to great lengths to evade analysis. It
employs a number of methods to prevent researchers from examining its
workings, including a component that self-destructs if it detects that
it is being examined; when triggered, it attempts to delete hard drive
data and render the infected machine useless until the operating system
is reinstalled. Rombertik spreads through spam and phishing emails and
is designed to harvest all plain text entered in the browser window.

Article: arstechnica


Google says Chinese Great Cannon shows need to encrypt web

Category : CyberCrime , DataBreach

Summary: The large DDoS attack on GitHub and Greatfire that occurred over March and April would not have been possible with encrypted web traffic, Google has said.

For a month and a half, China’s new Great Cannon attack injected HTML and JavaScript aimed at flooding GitHub and servers into web requests to popular Chinese search engine Baidu.

Described at the time as a significant escalation of state-level information control and a censorship tool powered by weaponising users, Google said on the weekend that the attack would not have been possible if the web had embraced moves to encrypt its transport layers.

“This provides further motivation for transitioning the web to encrypted and integrity-protected communication,” Google security engineer Niels Provos said in a blog post. “Unfortunately, defending against such an attack is not easy for website operators.”

According to Google, on March 25 the attack switched from Greatfire to GitHub.

“The attack against GitHub seems to have stopped on April 7th, 2015, and marks the last time we saw injections during our measurement period,” Provos said.

During the attack, 19 different JavaScript replacement payloads were detected, and although Google said it was unable to determine a number for different HTML attacks, the payloads were similar.

Provos said that although Google’s Safe Browsing analysis was limited to HTTP, and therefore could not be pinned on anyone, it showed that hiding such attacks is difficult.

“Another hope is that the external visibility of this attack will serve as a deterrent in the future,” he said.

Article: ZDNET


NINETY PERCENT of Java blackhats migrate to footling Flash

Category : CyberCrime

Patch-or-die policy makes net scum move on to softer target

Redmond’s security brains trust Tim Rains, Matt Miller, and David Watson say its patch wrecking ball applied only to out of date Java installations last year forced 90 percent of that platform’s hackers to move to Flash.

“The drop in Java exploits corresponds to a new Internet Explorer feature which blocks the use of out-of-date Java.”

Now the battle to build Flashy hacks is heating up. Five of eight new exploits worked into exploit kits last year targeted Adobe, while three of those five were exploited within 10 days of public vulnerability disclosure.

To illustrate the success, the team say the recent HanJuan advertising Flash hole (CVE-2015-0311) bagged more than five million victims.

Article: The Register


Attackers Launched Cross-Site Scripting Attack on eBay Auction Page

Category : CyberCrime , DataBreach

Some eBay users were victims of an attack in which clicking links on the
site took them to duplicated, malicious pages where account access
credentials were stolen. The attack affected users who were viewing
certain iPhone auctions.

Article: SCMagazine


Neiman Marcus Hackers Set Off 60,000 Alarms Missed By Defenders

Hackers who raided the credit-card payment system of Neiman Marcus Group
set off alerts on the company’s security systems about 60,000 times, but
went unnoticed for more than eight months. The reason: automation
deleted the card-stealing software automatically each day. The attackers
reloaded it every day. Card data were taken from July through October.

Article: businessweek


Wireless Devices Attacked at Sochi

Category : CyberCrime , CyberSecurity

Proving correct predictions that wireless devices will be targeted by
cyber criminals at the Sochi Olympics, NBC foreign correspondent Richard
Engel found that two laptops and his smartphone were quickly compromised
with malware that enabled attackers to use the devices to eavesdrop and
access data on the devices. The laptops were probed within minutes of
connecting to the Internet, and soon after, Engel received a phishing
message. A researcher who accompanied Engel has acknowledged that the
laptops were fresh out of the box with no updates and no security
software, and that the phone was compromised after the user agreed to
install an .apk from a Sochi website. Even so, visitors to Sochi are
likely to face a barrage of attempted cyber attacks.

Article: nbcnews


Government to recruit IT security specialists

According to the Nationaal Coördinator Terrorismebestrijding en Veiligheid (NCTV), under which the NCSC falls, the economy stands or falls with a well-functioning digital environment. “Developments in that area are also moving ever faster. That makes it necessary to invest in the digital security of the Netherlands in good time.”

To safeguard the digital security of the Netherlands, the government has started a recruitment campaign in which it is looking for all kinds of IT security specialists for the Nationaal Cyber Security Centrum (NCSC). Among other things, they will be working on both tactical and technical analyses.

That is why new cybersecurity specialists and analysts are now being sought. With the expansion, of which the recruitment campaign is a part, the NCSC will eventually number around 70 professionals. At the moment the first 3 profiles are on the Werken voor Nederland website, with room for 11 new employees.

Article: werkenvoornederland


Tor Spy Nodes Detected

Computer scientists at Karlstad University in Sweden have detected at
least 20 exit nodes on the Tor anonymity network that appear to be
conducting man-in-the-middle attacks on Tor traffic. (There are
currently estimated to be about 1,000 exit nodes in the Tor network.)
Connections between Tor relays are encrypted, but when traffic leaves
the Tor network and is sent to its intended destination, it reverts
to its original state, so people operating the exit nodes could
potentially snoop on the traffic. Users are advised to employ HTTPS. The
suspect nodes appear to be run by someone in Russia who intercepts
traffic destined for specific sites, including Facebook.

Article: computerworld

Article: wired


openSUSE Forum: 79,500 users’ data compromised

The data of 79,500 openSUSE Forum users has been compromised. The hacker shared a sample of the database. After the Snapchat hack, this could be another of the worst data breaches of the new year. A Pakistani hacker ‘H4x0r HuSsY’ has successfully compromised the official forum of ‘openSUSE’, a Linux distro developed, sponsored & supported by SUSE.

Another interesting fact is that openSUSE is still using vBulletin 4.2.1, which is vulnerable to a flaw that allows injecting rogue administrator accounts, whereas the latest patched vBulletin 5.0.5 is available. Possibly the hacker exploited the same or another known vulnerability in vBulletin 4.2.1 to access the website’s administrative panel.


Innovice-IT is worried about the levels of Data Protection as implemented within companies. Every day businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries.

We are able to help you with experienced Data Protection officers, or help your officers with advanced training.



Website hacked via hosting provider

According to the developers, the attackers who managed to hack and deface this weekend were able to do so thanks to an attack on the hosting provider’s hypervisor. OpenSSL is the open-source implementation of the SSL and TLS protocols, which are used for all kinds of encryption applications.
Because of the importance of the software and the fact that it is installed on many servers, the security community reacted with alarm to the defacement. In an earlier brief statement, the developers said that the source code and the software offered on had not been modified.

The attackers managed to gain access to the hypervisor and thereby also to the Virtual Machine on which the website of runs. The index.html page was then modified with the message “TurkGuvenligiTurkSec Was Here @turkguvenligi + we love openssl _”. The defacement was, however, noticed and reverted after a few minutes.

A hypervisor or Virtual Machine Monitor (VMM) is software for running and managing Virtual Machines. Many hosting providers use it to create multiple Virtual Machines for customers on a single physical server.

OpenSSL supplies thousands of companies. It is clear that even reputable companies are willing to pay very little for their business presence on the Internet. Misplaced trust in their provider then ultimately leads to major (reputational) damage. A good provider devotes capacity to regularly performing log analysis and updates.

Innovice-IT can perform a penetration test on your infrastructure for you, or offer you Secure Managed Hosting.

